how does the browser differentiate a cookie is from client-side created (JavaScript) or server-side created (ASP.NET). Is it possible to delete cookie created from server side in client side and vice versa, I'm struggling to delete a cookie was created from client-side using javascript in ASP.NET code-behind.
how does the browser differentiate a cookie is from client-side created (JavaScript) or server-side created (ASP.NET). Is it possible to delete cookie created from server side in client side and vice versa, I'm struggling to delete a cookie was created from client-side using javascript in ASP.NET code-behind.
Share Improve this question edited Apr 11, 2012 at 19:34 abatishchev 100k88 gold badges301 silver badges442 bronze badges asked Apr 11, 2012 at 6:25 Chandru velanChandru velan 1461 gold badge4 silver badges23 bronze badges 1- asp cookie vs javascript cookie – Kashif Commented Apr 11, 2012 at 6:37
2 Answers
Reset to default 6how does the browser differentiate a cookie is from Client side(javascript created) or serverside created (Asp).
It doesn't. A cookie is a cookie.
The closest it es is the HTTP Only flag, which allows a cookie to be hidden from JavaScript. (This provides a little defence against XSS cookie theft).
it is possible to delete cookie created from server side in client side and vice versa
Yes. A cookie is a cookie. (Again, client side code can't touch an HTTP only cookie)
As far as I know it is possible if there is not property HttpOnly owasp wikipedia.
In chrome, for the cookies, there is a field - Accessible by script, which indicates if HttpOnly is set.